I upgraded one of our XtraDB Cluster nodes and a client system on CentOS to openssl-1.0.1e-30.el6.9 and can no longer connect to any mysql node from the cli client or php when using ssl, even on the same host (connecting using 127.0.0.1) when requiring ssl on the user account. Galera replication works fine between the nodes though, and it's ssl encrypted.
This is the error from the mysql (percona) cli client:
ERROR 2026 (HY000): SSL connection error: error:00000001:lib(0):func(0):reason(1)
Downgrading to the previous CentOS release of openssl (1.0.1e-30.el6.8) resolves the problem.
One change in this release of openssl that could be related is that the client will reject DH keys below 768 bits. Does anyone know the DH key size used in XtraDB Cluster?